Microsoft has warned organizations of a “unique” attack campaign that abuses contact forms to deliver malicious links to businesses via emails containing fake legal threats. The emails instruct recipients to click a link to a sites.google.com page, which requires users to sign in with their Google credentials, after which a ZIP archive file is automatically downloaded. Microsoft researchers said the attackers might have used an automated tool to deliver the emails by abusing the enterprises’ contact forms while circumventing CAPTCHA protections. The attacks are yet another sign of how threat actors constantly tweak their social engineering tactics to target companies.
Source: https://thehackernews.com/2021/04/hackers-using-websites-contact-forms-to.html